Hi guys,I'm not so sure where to get help so I guess I'll try my luck here. I hope you guys can advice me on this one.

There's a hacking competition going on my area here since yesterday and yesterday was beginner level. I was able to get the file in the server as hints were given during that day. So today, the 2nd day, which is intermediate level, I'm stuck at a point.These are the hints:

1. FTP&Web access to root is enabled.2. Admin pass is simple alphanumeric 5 char long3. Hide&seek is what you need, one or two or both of them.

So I'm guessing I should start gaining access to ftp as root? The thing that really bothers me is the third hint. Any recommended software? Yesterdays was so simple so I just use hydra.

Thank you very much.

The prize for the competition is samsung s3 btw.... Really desperate lol.

Nice.... Thanks for the swift reply.Yes I'd figured it might be something like that but the third hint really bugs me. Does the hint refers to the 1st hint? Do we need to gain access from both ftp or web access or what?

Don't really have a clue about the clues he gave. I'm not exactly sure what a win scenario is for your contest but the Hide & Seek thing could mean you're supposed to gain access via a Man In The Middle attack by sending ARP packets then using something like ettercap/Cain&Able to sniff the credentials as someone logs in. Can't say for sure as I don't know the details.

There are 10 types of people in the world. Those who understand binary and those who don't.

Hide and seek could refer to files that are public, but have no direct link to them making them.. hidden. robots.txt and checking if directories on web list their content could be worth a try. Maybe even .htaccess protected but with a way to get the .htaccess file(like in some random mission of ours)

good luck

<Yoda> if someone says something i don't like, i ban him, ban whoever defends him, and then ban the witnesses...